Fri. Nov 13, 2020


New Zealand Election Fraud

Schneier on Security

It seems that this election season has not gone without fraud. In New Zealand, a vote for “Bird of the Year” has been marred by fraudulent votes: More than 1,500 fraudulent votes were cast in the early hours of Monday in the country’s annual bird election, briefly pushing the Little-Spotted Kiwi to the top of the leaderboard, organizers and environmental organization Forest & Bird announced Tuesday.


Weekly Update 217

Troy Hunt

This week's update had a load of questions so even whilst the planned content didn't consume a lot of time, audience engagement was great and I appreciate all the input. The big excitement for me was that Ubiquiti doorbell and whilst that might seem like a small thing, I'm absolutely loving it and the ability to answer it from anywhere whilst also integrating it into Home Assistant and triggering events like Sonos text to speech is really cool.


Inrupt’s Solid Announcement

Schneier on Security

Earlier this year, I announced that I had joined Inrupt, the company commercializing Tim Berners-Lee’s Solid specification: The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things — your computer, your phone, your IoT whatever — is written to your pod.


4 phishing scams to watch out for during the holidays

Tech Republic Security

Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


The Scammer Who Wanted to Save His Country

WIRED Threat Level

Last fall, a hacker gave Glenn Greenwald a trove of damning messages between Brazil’s leaders. Some suspected the Russians. The truth was far less boring.


6 training trends to watch that "will define the workplace in 2021"

Tech Republic Security

With the shift to remote work amid the coronavirus pandemic, online learning related to mindfulness, cybersecurity, and hybrid tech capabilities surged, Udemy found.

More Trending


STEM and cybersecurity training are critical for the future

Tech Republic Security

Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential.


Vertafore data breach exposed data of 27.7 million Texas drivers

Security Affairs

Vertafore announced that information of 27.7 million Texas drivers has been exposed in a data breach caused by a human error. Vertafore announced that information of 27.7 million Texas drivers has been accidentally exposed due to a human error. The company disclosed this security breach this week; the data was stored on an unsecured external storage service and was accessed by an external party.


How to temporarily mitigate SAD DNS for Linux servers and desktops

Tech Republic Security

Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops.


Credential-Stuffing Attack Hits The North Face

Threatpost

The North Face has reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Adults and children should learn cybersecurity and safety practices

Tech Republic Security

STEM education that includes cybersecurity can help the US prepare for the future.


Three APT groups have targeted at least seven COVID-19 vaccine makers

Security Affairs

At least three nation-state actors have targeted seven COVID-19 vaccine makers; they are Strontium, Lazarus Group, and Cerium, Microsoft warns. Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments. “In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19.” reads the post publ


Three COVID-19 Vaccine-Makers are Under Active Attack

Threatpost

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.


New TroubleGrabber malware targets Discord users

Security Affairs

TroubleGrabber is a recently discovered credential stealer that spreads via Discord attachments and uses Discord webhooks to exfiltrate data. Netskope security researchers have spotted a new credential stealer dubbed TroubleGrabber that spreads via Discord attachments and uses Discord webhooks to transfer stolen data to its operators. The malware has the same functionalities used by other malware that target Discord gamers, like AnarchyGrabber, but it appears to be the work of different threat acto


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


CISA Director Expects to Be Fired Following Secure Election

Dark Reading

Meanwhile, key legislators and former DHS officials are speaking out in support of CISA director Chris Krebs, who has led the agency's efforts in election security.


Security flaws in Schneider Electric PLCs allow full take over

Security Affairs

Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs. Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs).


Botnet Attackers Turn to Vulnerable IoT Devices

Threatpost

Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.


The iOS Covid App Ecosystem Has Become a Privacy Minefield

WIRED Threat Level

An analysis of nearly 500 Covid-related apps worldwide shows major differences in how much data they expect you to give up.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Hacker stole $2 million worth of Dai cryptocurrency from Akropolis

Security Affairs

Threat actors have stolen $2 million worth of Dai cryptocurrency from the cryptocurrency borrowing and lending service Akropolis. Cryptocurrency borrowing and lending service Akropolis disclosed a “flash loan” attack; hackers have stolen roughly $2 million worth of Dai cryptocurrency. The attack took place on November 12; in response to the attack, the platform halted all the transactions to prevent hackers from stealing further funds.


Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam

Threatpost

'Order This, Get This': Social-media influencers are in Amazon’s legal crosshairs for promoting generic Amazon listings with the promise to get prohibited counterfeit luxury items instead.


A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats

Dark Reading

Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not.


Ticketmaster Scores Hefty Fine Over 2018 Data Breach

Threatpost

The events giant faces a GDPR-related penalty in the U.K., and more could follow.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Self-Service Security for Developers Is the DevSecOps Brass Ring

Dark Reading

DevOps teams with full security integration and self-service capabilities are 80% more likely to fix critical vulnerabilities in under a day, according to the ninth annual "State of DevOps Report."


Announcing our open source security key test suite

Google Security

Posted by Fabian Kaczmarczyck, Software Engineer, Jean-Michel Picod, Software Engineer and Elie Bursztein, Security and Anti-abuse Research Lead Security keys and your phone’s built-in security keys are reshaping the way users authenticate online. These technologies are trusted by a growing number of websites to provide phishing-resistant two-factor authentication (2FA).


The Sameness of Every Day: How to Change Up Audit Fatigue

Dark Reading

And with more data compliance laws on the way, audit fatigue could be a real challenge for infosec professionals.


The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

You’ve probably heard of bug bounties. But did you know there’s an elite group of bug bounty hunters that travel the world? Meet Stok; he’s one of them. In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. Star of his own popular YouTube channel, Stok believes in community and in giving back what he’s learned along the way.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Apple Issues Security Updates

Dark Reading

Vulnerabilities found in three most recent versions of macOS.


Friday Squid Blogging: Underwater Robot Uses Squid-Like Propulsion

Schneier on Security

This is neat: By generating powerful streams of water, UCSD’s squid-like robot can swim untethered. The “squidbot” carries its own power source, and has the room to hold more, including a sensor or camera for underwater exploration. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.


Report: CISA Chief Expects White House to Fire Him

Threatpost

Chris Krebs, the first and current director of the CISA, said his protection of the election process drew ire from the Trump administration.